I have a pfSense instance with two network interfaces set up between a LAN and WAN:
192.168.1.0/24 (WAN) <-> (192.168.1.100) pfSense (10.0.1.100) <-> 10.0.1.1/24 (LAN)
For simplicity, I have allowed all traffic in the filtering rules.
This works fine and a machine on the LAN with pfSense (10.0.1.100) as the gateway can connect to hosts on the WAN:
<10.0.1.5> $ ping 192.168.1.10
64 bytes from 192.168.1.10: icmp_seq=0 ttl=51 time=11.753 ms
However, a machine on the WAN with pfSense (now 192.168.1.100) as the gateway cannot connect to hosts on the LAN:
<192.168.1.10> $ ping 10.0.1.5
*timeout*
The firewall rules allow all traffic in both directions.
tcpdump shows that the packets arrive on the WAN interface correctly but are never sent on the LAN interface.
Is there a function of pfSense that prohibits routing from WAN to LAN? What must be done to allow machines in the WAN to route to the LAN?
I am aware of the security implications. This is a simplified example.